You need to restore the deleted user account

A network contains an Active Directory Domain Services (AD DS) domain. Active Directory
is configured as shown in the following table.

The functional level of the domain is Windows Server 2008 R2. The functional level of the
forest is Windows Server 2003.
Active Directory replication between the Seattle site and the Chicago site occurs from 8:00
P.M. to 1:00 A.M. every day.
At 7:00 A.M. an administrator deletes a user account while he is logged on to DC001.
You need to restore the deleted user account. You must achieve this goal by using the
minimum administrative effort.
What should you do?

A network contains an Active Directory Domain Services (AD DS) domain. Active Directory
is configured as shown in the following table.

The functional level of the domain is Windows Server 2008 R2. The functional level of the
forest is Windows Server 2003.
Active Directory replication between the Seattle site and the Chicago site occurs from 8:00
P.M. to 1:00 A.M. every day.
At 7:00 A.M. an administrator deletes a user account while he is logged on to DC001.
You need to restore the deleted user account. You must achieve this goal by using the
minimum administrative effort.
What should you do?

A.
On DC006, stop AD DS, perform an authoritative restore, and then start AD DS.

B.
On DC001, run the Restore-ADObject cmdlet.

C.
On DC006, run the Restore-ADObject cmdlet.

D.
On DC001, stop AD DS, restore the system state, and then start AD DS.

Explanation:
We cannot use Restore-ADObject, because Restore-ADObject is a part of the Recycle Bin
feature, and you can only use Recycle Bin when the forest functional level is set to Windows
Server 2008 R2. In the question text it says “The functional level of the forest is Windows
Server 2003.”
See http://technet.microsoft.com/nl-nl/library/dd379481.aspx
Performing an authoritative restore on DC006 updates the Update Sequence Number (USN)
on that DC, which causes it to replicate the restored user account to other DC’s.
Reference 1)
MS Press – Self-Paced Training Kit (Exam 70-640) (2nd Edition, July 2012) page 692
“An authoritative restore restores data that was lost and updates the Update Sequence
Number (USN) for the data to make it authoritative and ensure that it is replicated to all other
servers.”
Reference 2)
http://technet.microsoft.com/en-us/library/cc755296.aspx
Authoritative restore of AD DS has the following requirements:
(…)
You must stop the Active Directory Domain Services service before you run the ntdsutil
authoritative restore command and restart the service after the command is complete.



Leave a Reply 0

Your email address will not be published. Required fields are marked *